Privacy Policy

Account information: When you sign up, we collect your name, email address, and organization name through our authentication provider, Clerk.

Usage data: We collect information about how you interact with the FlagDrop dashboard, including pages visited, features used, and API calls made.

Flag configuration metadata: We store flag definitions, targeting rules, and project structure that you create through our dashboard or API.

Cloud credentials: We securely store the cloud storage credentials you provide for config push. These are encrypted at rest and used solely to push config files to your buckets.

We use the information we collect to provide, maintain, and improve the FlagDrop service. Specifically:

• To authenticate you and manage your account
• To generate and push flag configuration files to your cloud storage
• To provide customer support
• To send you service-related communications (billing, security alerts, feature updates)
• To monitor and improve the reliability of our service

FlagDrop's control plane data (account info, flag definitions, project structure) is stored in PostgreSQL databases hosted in the United States with encryption at rest.

Flag evaluation data — the config files your SDKs read at runtime — is stored exclusively in your own cloud storage buckets in the regions you choose. We do not retain copies.

We use the following third-party services:

• Clerk — Authentication and user management
• Stripe — Payment processing (we do not store credit card numbers)
• AWS / GCP / Azure — Infrastructure hosting

We do not sell your personal information to third parties.

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your account and associated data
• Export your flag configuration data at any time
• Object to processing of your data for marketing purposes

When you delete your account, we delete all associated data within 30 days.